package com.typhoon.spring_shiro.service.shiro;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.typhoon.spring_shiro.utils.ResponseUtils;

public class CustomAuthorizationFilter extends AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest req, ServletResponse resp, Object mappedValue) throws Exception {
//		HttpServletRequest request = (HttpServletRequest) req;
//		// 获取请求路径
//		String path = request.getServletPath();
//		Subject subject = getSubject(req, resp);
//		if (null != subject.getPrincipals()) {
//			// 根据session中存放的用户权限，比对路径，如果拥有该权限则放行
//			Set<String> userPrivileges = (Set<String>) request.getSession().getAttribute("USER_PRIVILEGES");
//			if (null != userPrivileges && userPrivileges.contains(path)) {
//				return true;
//			}
//		}
		return false;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
		HttpServletResponse resp = (HttpServletResponse) response;
		Map<String, Object> results = new HashMap<String, Object>(2);
		results.put("code", "403");
		results.put("msg", "无权操作");
		ResponseUtils.renderJson(resp, JSONObject.toJSONString(results, SerializerFeature.WriteMapNullValue));
		// WebUtils.toHttp(response).sendError(403, "无权操作");
		return false;
	}

}
